Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Privacy United States Apple

Apple Secures First States To Support Digital Driver's Licenses, But Privacy Questions Linger (techcrunch.com) 100

Apple's plan to digitize your wallet is slowly taking shape. What started with boarding passes and venue tickets later became credit cards, subway tickets, and student IDs. Next on Apple's list to digitize are driver's licenses and state IDs, which it plans to support in its iOS 15 update expected out later this year. From a report: But to get there it needs help from state governments, since it's the states that issue driver's licenses and other forms of state identification, and every state issues IDs differently. Apple said today it has so far secured two states, Arizona and Georgia, to bring digital driver's license and state IDs. Connecticut, Iowa, Kentucky, Maryland, Oklahoma, and Utah are expected to follow, but a timeline for rolling out wasn't given.

Apple said in June that it would begin supporting digital licenses and IDs, and that the TSA would be the first agency to begin accepting a digital license from an iPhone at several airports, since only a state ID is required for traveling by air domestically within the United States. The TSA will allow you to present your digital wallet by tapping it on an identity reader. Apple says the feature is secure and doesn't require handing over or unlocking your phone. The digital license and ID data is stored on your iPhone but a driver's license must be verified by the participating state. That has to happen at scale and speed to support millions of drivers and travelers while preventing fake IDs from making it through. The goal of digitizing licenses and IDs is convenience, rather than fixing a problem. But the move hasn't exactly drawn confidence from privacy experts, who bemoan Apple's lack of transparency about how it built this technology and what it ultimately gets out of it.

This discussion has been archived. No new comments can be posted.

Apple Secures First States To Support Digital Driver's Licenses, But Privacy Questions Linger

Comments Filter:
  • More data that can be stolen.
    • True, but it's already available to be stolen.

      Do we know what kind of data will be stored on the phone? If it's just a unique id ( and possibly a resource locator ), then I'm not sure if it's all that big of a risk.

      • It's available to be stolen. Right. You mean my bank and the DMV has my information, yeah? And as much as we may slag them, they're pretty secure. So the next logical step is to give every fucking business out there my information? To put ID that doesn't need to be on a phone where there are potentially thousands or tens of thousand of vectors for attack and identity theft. What's next, publish my personal information on a billboard because what, it's available to be stolen? What are you, an Apple shill or
        • Uh, easy there tiger. In a proper zero trust model, the only thing stored in your phone would be a unique id. Access to the systems which resolve this id to real data would be secured, meaning even if hackers did get your id, it wouldn't do them any good.

          It's possibly worth noting that we've been successfully storing credit cards on our phones for a while now with minimal fuss.

          I don't know how apple is doing it, but the fact that it's being done at all isn't automatically a bad thing.

          Now maybe go and talk

          • Access to the systems which resolve this id to real data would be secured...

            I've worked with gov IT at the state level. It would be a lot less secure than you think.

            • Me too, fair enough.

              Point being introducing a smart phone into the equation shouldn't elevate the risk of data leak at all.

          • I'd say your narcissistic personality disorder and delusions of grandeur should be treated first. Putting anything that has a pipe to sensitive data on a device connected to the internet that is hosting potentially a multitude of apps that have only had cursory examination by Google or Apple might make sense to you, but not to me and many others. I've seen wise guys like you who think everything buttons down well with xyz model of security end up leaving themselves open to hacks from China. I have literall
            • Fortunately we already have a parable to look at, one which I already mentioned; credit cards. A lot of folks have their credit cards on their phones so they can do tap pay. That seems a higher value target than a DL as it's instant money once compromised.

              So, if your paranoia has any basis in reality, these must be compromised all the time, right? Hackers have obviously been capable of grabbing said credit cards off the device and using that info for illegitimate purchases, right?

              Anyway, is it really nar

    • At least the phone has a lock on it whereas a card can just be picked up and used.

      Personally, I am looking forward to a day when I don't have to carry a bunch of extra stuff around with me.

      When I go out for long walks in the summer, I wear my phone as an arm band, it tracks my steps, plays podcasts, gives me directions, allows me to communicate with others and I can use it as a contactless credit card... but I still can't buy beer unless I have the physical ID card with me.

      • The problem is that, like with everything technology, it just amplifies what a good or bad bad actor can do when he gains access. Yes, he could have stolen your wallet and taken your physical cards. But now if he can sniff a database, or traffic, or whatever insecure protocol will be involved for showing/storing/verifying the id. He will get to keep ALL of them.

      • And maybe some day, that will include your head. Because, really, it's pretty useless isn't it.
  • The FUCK if Apple is getting my driver's license. Fuck Apple
    • Re:Fuck Apple (Score:4, Insightful)

      by UnknowingFool ( 672806 ) on Wednesday September 01, 2021 @11:27AM (#61752523)
      Apple is not "getting" your driver's license. Your state may offer it as a download which Apple's Wallet will recognize. You will get it from your state just like any ticket system these days may offer a digital version for you to put on your phone.
      • If you read Apple's statement it sounds like they most certainly are getting your information.
        • By "getting your information", it will be on your phone. The state is not sending your information to Apple just like the airline does not send your ticket information to Apple.
          • Hello Potsy. Apple has access to your iPhone. You can fuck off now.
            • Please show me where Apple has access to my phone's files. Considering the many legal court battles that they have shown where they have locked down the phone to where even they cannot access a user's phone. I'll wait.
              • Have you been asleep for the last month?
                Its been in the news of how Apple is scanning your phone with Photos and iMessages (and dont bother with the CSAM hashes thing, Apple stated already that the iMessages scanning has nothing to do with hashes and actually "sees" what is sent). On top of this, issues in the past with things like Siri randomly "hearing" you and what you say (and sending those audio files to 3rd parties). Apple hasn't been that quiet that they are in your iPhone and its files, they just d
                • I have been paying attention but how is the OS now scanning photos means that Apple now has access to the files on your phone? Also how does Siri sending recordings of interactions mean that Apple has access to your files? It does not.
    • by psergiu ( 67614 )

      Apple will have access to all driver licenses of those states, so if you don't lock in yours, somebody will create a "Andy_Kron2" Apple ID, say it's you and drive around with your digital driver's license.

      TL;DR version: Apple ALREADY HAS your driver's license.

      • Apple will have access to all driver licenses of those states,

        Not likely. More likely is Apple will work with states on a ways that someone cannot create a counterfeit DL. For example the DL must be digitally signed by the state somehow.

        • Wow, somebody that likes to dick ride Apple.

          Without the details on how it works, you are just pissing in the wind.
          • Wow, somebody that likes to dick ride Apple.

            Because refuting the idea that Apple somehow has hundreds of millions of driver's licenses must be I am sexually attracted to Apple. Also why is that your first impulse is sexual attraction? What does that say about you?

            Without the details on how it works, you are just pissing in the wind.

            What part of Apple is working with states to implement a system that does not exist yet is hard to understand?

  • by smooth wombat ( 796938 ) on Wednesday September 01, 2021 @11:26AM (#61752521) Journal

    For all the whiners who complain about the microchips in the covid vaccines tracking them, are they not getting driver's licenses? Have they given up their mobile phones?

    I mean, it's not like the government can't track you without that microchip, so I just want to see at which point they'll protest being tracked.

    Or are they merely being deliberately delusional and/or lying about not wanting to be tracked by something which can't track you in the first place?

  • Our police continue to buy portable tools from companies like Cellebrite to search or clone our devices. Why on earth would anybody want to hand over their phone to the police even for a moment, especially when manufacturers have failed so miserably in securing locked devices that the only thing that appears to have worked to an extent is shutting off the USB port after some time?

    If licenses move to mobile devices it needs to be done via something like a QR code that I can pull up with my device still locke

    • I see the summary says at least for the TSA "The TSA will allow you to present your digital wallet by tapping it on an identity reader. Apple says the feature is secure and doesn't require handing over or unlocking your phone."

      I don't know what they'll do with drivers licenses. Sorry if I'm jumping the gun but I've seen too many stupid things from some of these companies.

    • Why on earth would anybody want to hand over their phone to the police even for a moment

      For air travel at least, as the summary said you tap it on a reader. You don't hand it over.

      I imagine something similar might happen if the police stopped you in your car... I also wouldn't hand over my phone but would be OK tapping it on a reader.

    • by gnasher719 ( 869701 ) on Wednesday September 01, 2021 @12:05PM (#61752649)

      If licenses move to mobile devices it needs to be done via something like a QR code that I can pull up with my device still locked. I should never have to unlock my device or hand it over in the presence of police.

      Apple has some great documentation about their security. Every file is encrypted with a key that requires the exact ARM chip on your phone (so it cannot be brute forced on some supercomputer), another 256 bit key stored on your device (mostly there to make any data instantly inaccessible if that key is deleted). Most files also require your PIN code, but files can be told to be encrypted without it.

      That way, apps can run without unlocking the phone. Examples are: Calculator, taking photos using the camera (but not looking at existing photos) and some other things.

      It is no problem for Apple to write an app that shows your passport, without unlocking your phone. Likely that you have to use a finger print, Face ID or passcode, but only to decrypt the image of your passport, without unlocking.

      So all that unlocking does: An app can read all its files vs. an app can only read files that it requested specifically to be readable without unlocking.

  • by King_TJ ( 85913 ) on Wednesday September 01, 2021 @11:33AM (#61752535) Journal

    Long time iPhone user here and the fact is, the whole digital "Apple wallet" concept has provided more security than it's taken away.
    Apple Pay is a really good thing, for example, in the sense it lets you do a transaction much more safely than chip and PIN credit cards do, much less having to swipe the mag-stripe on one.

    If you carry around you physical drivers' license in your wallet, nothing stops someone else from getting ahold of it if you accidentally drop your wallet or it gets stolen from you. At least if it's a digital version in your phone, it's password protected with whatever you enabled on the phone to guard things. And as people are saying here, it's not just holding a complete copy of your license itself. It's going to be some kind of digital token that you probably have to get sent from your DMV.

    • by vux984 ( 928602 )

      If you carry around you physical drivers' license in your wallet, nothing stops someone else from getting ahold of it if you accidentally drop your wallet or it gets stolen from you.

      This is true but the threat profile is people within a few feet of you.

      With apple wallet, there is a possibility of a remote hack. So anyone, anywhere on the the planet.

      Plus the criminal element of 'people within a few feet of me' are pretty much universally ONLY ever interested in cash and cash equivalents and nothing else. The criminal element that would be looking for remote hacks are much more interested in identity theft.

      I think to say my license is "more secure" on my phone is pretty debatable.

      The se

      • Your iPhone will survive more water than your driving license.
      • "With apple wallet, there is a possibility of a remote hack. So anyone, anywhere on the the planet."

        Who do you have more confidence in securing your data from a "remote hack"? Apple (a multi-billion $ tech company) or your state's DMV?

        • by vux984 ( 928602 )

          "Who do you have more confidence in securing your data from a "remote hack"? Apple (a multi-billion $ tech company) or your state's DMV?"

          It doesn't really matter who i have more confidence in. It's not a choice between them. The DMV is going to have my drivers license records either way, so that risk is unavoidable.

          Adding Apple just adds more more risk, and that additional risk is entirely optional.

    • Honest question, how is Apple Pay safer than chip and PIN?
      • If nothing else? When you pay with Apple Pay, you're never displaying a physical credit card that has your information printed or stamped on it. So it avoids the risk of the "over the shoulder" card theft from someone covertly snapping a photo of the card when you pull it out of your wallet.

        It also keeps you from getting into the situation where a vendor/merchant wants you to hand them your card to insert it in their reader. (That's where a lot of fraud happens when said vendor is dishonest and purposely t

        • Ability to take a photo of a card makes "Chip and PIN" less secure than Apple Pay how exactly? You can just get the printed info, which is not the secure part of chip and PIN.

          Your other situation is an example, if one gives away the PIN, of course the card can be compromised. This can be an advantage, I can give my wife my card so she can pay with it.

          BTW I have a similar example, my mother was paying in a restaurant and they asked for her card and PIN, "because their terminal was in the back"...

          • To me, the best feature are the single-use transaction tokens, so the next time I shop at that same store, they have no way to link those transactions to each other, whereas with credit cards they have a credit card number that they can correlate to create a profile or can link to an account. Of course, that also means that POS compromises, like the ones suffered at a few large US retailers like Home Depot and Target, no longer compromise the card itself because that token can’t be used for anything a

      • by tlhIngan ( 30335 )

        Honest question, how is Apple Pay safer than chip and PIN?

        You can't clone a card from Apple Pay, for starters.

        With Chip and PIN, you get (in the clear) the card number and other details. What happens is that the transaction details are encrypted by the card and that encrypted blob is then sent to your bank to authenticate the transaction.

        With Apple Pay, your bank, as part of the enrollment process, issues you a dummy card number. Apple Pay uses that when transacting, so even if it was cloned it's useless. E

    • it lets you do a transaction much more safely than chip and PIN credit cards do

      Explain how, and please be precise.

  • just saves the providers the time and cost of having to collect/track some other way. This way they just have it to sell and market with at 0 cost(in fact how much are the states paying Apple). What could go wrong.
    • By paying you mean working with Apple to get the format right, I would suspect $0. The license is issued by the state and not Apple; they just need to get the format right so that Wallet accepts it.
      • Apple does not do anything for free or as public service. Apple is making out like the bandit they are somehow, somewhere, in someway.
        • Apple does not do anything for free or as public service.

          What are you smoking? Apple has had a long history of supporting open source software like CUPS, LLVM/Clang, etc. Apple charges $0 for their core apps. Apple does do a lot of things for free most of which is so people buy their products.

          Apple is making out like the bandit they are somehow, somewhere, in someway.

          Yes when people buy their phones.

          • "Apple has had a long history of supporting open source software like CUPS, LLVM/Clang, etc." I stand corrected.
          • Apple does not do anything for free or as public service.

            What are you smoking? Apple has had a long history of supporting open source software like CUPS, LLVM/Clang, etc.

            They do that because it's cheaper than starting from scratch.

            Apple charges $0 for their core apps.

            Which only run on their OS, which you can only legally run on their expensive computers, which is what pays for the development of those apps. Except historically iTunes, which was historically shit. And Quicktime, which was also shit. And both of which were necessary to support Apple stuff.

            I don't trust Apple or Google or Microsoft etc etc to store my ID information and not collect it as well.

            • They do that because it's cheaper than starting from scratch.

              Which is relevant to his contention that Apple does not do anything for free? Factually they do. No one said Apple had no motives in doing it for free. Apple's motives are pretty clear; they want you to buy their products and services.

              Which only run on their OS, which you can only legally run on their expensive computers, which is what pays for the development of those apps. Except historically iTunes, which was historically shit. And Quicktime, which was also shit. And both of which were necessary to support Apple stuff.

              Safari (Webkit), CUPS, LLVM/Clang, Bonjour/Avahi, were all free and did not need to run on Apple stuff.

              I don't trust Apple or Google or Microsoft etc etc to store my ID information and not collect it as well.

              Then don't.

          • "Apple has had a long history of supporting open source software"

            Which does not address the original point, "Apple does not do anything for free"

            Apple is the business of making money. Apple is not providing the digital wallet as a public service. They are making money off this proposal. The fact you are not interested, show you are a complete moron.
            • Which does not address the original point, "Apple does not do anything for free"

              Apple provides open source software which you can get for "free" Do I need to say it more slowly for you?

              Apple is the business of making money. Apple is not providing the digital wallet as a public service. They are making money off this proposal.

              Citation Needed. Please show the documents where Apple is making money off wallet considering they do not make money now.

              The fact you are not interested, show you are a complete moron.

              It seems Apple hate is so extreme that you are insulting people instead of presenting facts.

      • The state investing any resources working with Apple is > $0.

        they just need to get the format right so that Wallet accepts it.

        And this is the crux. I've worked with state programmers. If you think the feds are bad...

        • And what part of the state spending resources to develop a digital license means that states must be "paying Apple"? This was the OP's original claim; that Apple must be making money off of this somehow. My response is Apple makes loads of money by selling phones by offering features customers might want.
  • This would be handy as a backup for when I forget my wallet at home or, like happened to me a few years ago, lose my license while on a business trip. I don't want it as my primary form of my DL though. I still want and would use the physical license 99% of the time.
  • No thanks.

    "Let me see your license and registration, please"
    'It's on my phone, and its locked'
    "well then, unlock your phone"

    And now Officer Friendly has your unlocked phone. "Let's see what else is in here..."

    Same with the car insurance card.
    No thanks.

    Contrary to what some people think, not everyone lives on their phone, or carries it with them all the time.
    • 1) You can show something in the digital wallet without having to unlock your phone. 2) 2) Searching the phone without permission will still be an unlawful search.
      • by Anonymous Coward

        You don't get it... you handed the officer your unlocked phone. The State will argue, and most likely win, that you unlocked the phone and handed it to the officer. Thereby granting the officer the permission to search it.

        Would be the equivalent of the officer knocking and being allowed by you into your domicile (house/apartment) for a well-being check. And noticing the unregistered Glock and 2kg of black-tar hash on your coffee table.

        4th and 5th amdmt. may be in order if you pull up the document and sho

        • You don't get it... you handed the officer your unlocked phone. The State will argue, and most likely win, that you unlocked the phone and handed it to the officer. Thereby granting the officer the permission to search it.

          No you do not get it. Permission to search must be explicit in almost all cases. Handing over a phone to show ID is not a permission to search the phone. Just like handing over a wallet with your ID does not mean the officer can search the wallet. This is why warrants exist. A police officer cannot search your property just because they happen to be on your property.

          Would be the equivalent of the officer knocking and being allowed by you into your domicile (house/apartment) for a well-being check. And noticing the unregistered Glock and 2kg of black-tar hash on your coffee table.

          First of all if you let the officer in, that IS permission to enter. Second you still have not granted permission to search just because you le

          • by oh_my_080980980 ( 773867 ) on Wednesday September 01, 2021 @03:02PM (#61753477)
            Right.

            Now try and stop the police officer from searching your phone after you handed it over.

            And please try and take the phone back from the police officer. You will be charged. Plain and simple

            Sounds like you think the police officer is going to say, "hey, that's unlawful search and seizure", and not "hey, I can search your phone and justify it later".

            Moron.
            • Re: (Score:2, Informative)

              Now try and stop the police officer from searching your phone after you handed it over.

              Now allow that officer to present that evidence in court while court after court rules the evidence as inadmissable.

              And please try and take the phone back from the police officer. You will be charged. Plain and simple

              And please allow me to sue that officer to retrieve my party while multiple courts rules that officer overstepped their authority.

              Sounds like you think the police officer is going to say, "hey, that's unlawful search and seizure", and not "hey, I can search your phone and justify it later".

              Sounds like you do not understand that anything officers that does not make that action "legal". Seems like you do not understand what "legal" is.

              • Even if I'm in the right, and I win, I'd rather not go to court over something that is totally avoidable.
                • You may not be presented with the choice of participation. A police officer can barge into your house today without a warrant and search it without permission.
                • What exactly do you keep on your phone that makes you think you'll get arrested in the new minutes an officer could illegally search your phone?

          • You're being pedantic as is the GP. Yes, they need permission to move about and move stuff but a search can simply be a look around by eye without moving. If you invited them in and they spotted contraband - you're dorked.
            • No. A police officer today can illegally search your phone or car; that does not make the search legal. That does not mean any evidence can be admissible. If a police officer observes something, it must be in "plain view" as multiple rulings set as precedent. Searching around your phone is not "plain view."
    • "Let me see your license and registration, please"
      'It's on my phone, and its locked'
      "well then, unlock your phone"

      That's the modern slash-dotter, making unjustified and wrong assumptions. It's no problem whatsoever for Apple to create an app for this that (a) doesn't require the phone to be unlocked and (b) requires passcode or biometric ID to show your passport - without unlocking the phone.

  • But the move hasn't exactly drawn confidence from privacy experts, who bemoan Apple's lack of transparency about how it built this technology and what it ultimately gets out of it.

    They get lock-in.

    You start using your iPhone for everything in Apple Wallet. It's convenient, because you're probably carrying your phone anyway.

    That causes more friction when switching to Android, so you stay with iPhone.

    • That assumes that the license will never be offered on Android or as a physical version. If it is anything like an airline ticket today, that is not a valid assumption.
      • That assumes that the license will never be offered on Android or as a physical version.

        Nope.

        If you have to set it up again because you moved to Android, setting it up again is the friction. With the physical item, carrying the additional thing is the friction.

        Friction is not a barrier, it's just additional effort.

        • If you have to set it up again because you moved to Android, setting it up again is the friction. With the physical item, carrying the additional thing is the friction.

          That is not "lock in". That is inconvenience.

          • Lock-in has never been a barrier. It has always been inconvenience.

  • Today your driver's license, tomorrow your ability to vote. Or somebody else's ability to vote instead of you, or ...
  • As per https://en.digst.dk/news/news-archive/2020/december/denmark-launches-new-digital-driving-licence/ [digst.dk]

    Since 24 November 2020, Danish citizens have been able to download their driving licence in a new app and leave their physical driving licence at home.

    We also have our health insurance card as an app. And vaccination information. And government 2FA that we use for all public services. And several payment methods. We are getting rid of as much paper and plastic as possible.

    So, this is simply not news or novel - it's just business as usual.

  • by Oligonicella ( 659917 ) on Wednesday September 01, 2021 @03:45PM (#61753641)
    Um, wasn't there something about Apple and security just recently?
  • My biggest concern isn't security, but what happens if you get pulled over and your phone isn't charged?

    Will the police wait for it to charge, or give you a ticket for driving without a license?

    Will they wait if your phone just updated its OS and takes a few min to reboot?

    If your screen has a crack or defect, can the police say they can't read it and not accept the digital version?

    If the police drop your phone and break it while you are showing them your license, who is responsible for the repair?

  • Is for banks, stores, etc to accept the digital ID, which could be augmented with an Apple Pay-like NFC system that connects to some central database and verifies it's authentic. Then I can just leave the physical card in my car at all times and if I get pulled over, can hand that to the cop.

  • Officer: "Do you know how fast you were going? Now please hand me your unlocked phone so I can check your photos, one of which will be your driver's license."
  • In another 10 years, I have a feeling we'll all have a digital ID.

    Make sure we still have cold hard cash. Don't let the politicians get away with making it electronic. It's easier for them to steal money and fudge numbers. Don't think they won't do that or your party's people won't do it. That much money and power is too tempting.

Children begin by loving their parents. After a time they judge them. Rarely, if ever, do they forgive them. - Oscar Wilde

Working...